One Line Explanations of Cyber Security Terms

What is CVE? Common Vulnerabilities and Exposures (CVE) is a freely available list of vulnerabilities that have been assigned a CVE ID. Further explanation.

What is a CVE? A CVE (always written in capitals) is a fix for vulnerabilities that occur in software and hardware when they are released and/or updated. Further explanation.

What is a CVE ID? A CVE ID is a 'CVE identifier', the number given to a vulnerability that includes the CVE prefix + year + sequence number (CVE-YYYY-NNNNN) e.g. CVE-2019-10766. Further explanation.

What is a CVSS? CVSS (Common Vulnerability Scoring System) is the term used for scoring (0-10) and rating ('none' to 'critical') the severity of vulnerabilities that have been assigned a CVE ID. Further explanation.

What is a vulnerability? A vulnerability is a weakness in software and hardware that can be exploited by an attacker to perform unauthorized actions within a computer network. Further explanation.

What is a CNA? A CNA (CVE Numbering Authority) is an organization that has been given the authority by CVE to assign CVE IDs to vulnerabilities. Further explanation.

What is a zero-day? A zero-day vulnerability is one that has been newly discovered and for which the vendor has had no time, i.e. zero days, to release an update (fix/patch). Further explanation.

What is a bug bounty program? A bug bounty program is an incentive, usually monetary, offered by the makers of software and hardware to anyone who can find bugs (flaws/vulnerabilities) in their products. Further explanation.

What is a Candidate Naming Authority? Candidate Naming Authorities (CNAs) were introduced by CVE in 1999 as entities that could identify vulnerabilities but not assign CVE IDs, and later became "CVE Numbering Authorities" (still CNAs) that could assign CVE IDs. Further explanation.